ABSTRACT
Recent trends like edge computing move metro and core network elements from access-restricted back offices to data centers, where their attack surface is exposed to a larger audience. These trends increase the need for means of monitoring these network elements' peripherals in a secure and untampered way.
In this paper we introduce the use case of trusted peripheral monitoring on optical network elements. For network operators it is important to keep an untampered log of their network's configuration. But the effective settings can only be retrieved from a network element's hardware itself, which requires the retrieval process to be trusted.
We propose TEEMo, an infrastructure for trusted peripheral monitoring for embedded devices based on ARM TrustZone. TEEMo establishes a trusted path between peripheral configuration lookup and reporting to a remote log server, and reports the current configuration at regular intervals. We present a case study of porting TEEMo to an existing commercial networking product and share our experiences. Finally, we evaluate the performance of the solution and discuss the security it adds.
Index Terms
- TEEMo: trusted peripheral monitoring for optical networks and beyond